Every single member of House votes to require warrants to access all emails

Published time: 27 Apr, 2016 23:30

The House voted 419-0 on a bill requiring law enforcement to obtain a warrant to look through Americans’ emails, no matter how old they are. The bill would update a 30-year-old law that doesn’t require a warrant for emails older than 180 days.

The Email Privacy Act, HB 699, closes a loophole in the 1986 Electronic Communications Privacy Act that allows emails to be accessed by law enforcement with only a subpoena to the company storing them – not a warrant – if the stored communication is more than 180 days old.

It was swiftly and unanimously passed on to the Senate, following a unanimous vote by the House Judiciary Committee earlier this month. The bill garnered a historic 314 co-sponsors, almost three-quarters of the House, with many legislators agreeing that the bill is long overdue.

“Under current law, there are more protections for a letter in a filing cabinet than an email on a server,” said Representative Suzan DelBene (D-Washington) during the 40-minute debate period.

The bill originally had even stronger protections on privacy, requiring law enforcement to notify the person whose electronic communications are being accessed within 10 days. However, to alleviate concerns brought forth by law enforcement organizations, this provision was removed in an amendment added by the House Judiciary Committee chairman Bob Goodlatte (R-Virginia). Now notification would be at the discretion of the third-party service storing the email.

Bipartisan support for the potential law exists within the Senate version as well, with Democrats such as Dick Durbin of Illinois and Republicans such as Ted Cruz of Texas co-sponsoring the bill.

As Microsoft continues its battle against the US government in a federal appeals court, more customers will likely switch to smaller email encryption companies for a greater protection of their private data, the co-founder of one such company told RT.

On Wednesday, Microsoft asked a federal appeals court to block the US government from forcing it to turn over a customer’s email stored on servers in Ireland. The company argues that the precedent will open the door for other countries to seize information on servers in the US whenever they want.

"We would go crazy if China did this to us," Joshua Rosenkranz, a lawyer for Microsoft, told the 2nd US Circuit Court of Appeals in New York.

The government, for its part, insists that it’s not “a question of ownership,” but rather of “custody and control.”

Enacted in 1986, the Stored Communications Act potentially gives the US government jurisdiction to order the disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers. However, the law came decades before providers like Microsoft started using servers abroad.

So, the question now is whether the Department of Justice’s warrant is an "extraterritorial" application of the law.

“It's not just about privacy or respect for the laws of other countries, but how a law passed in 1986 — before email, instant messaging and social media — should now be applied in a digital world where communications and technologies continue to evolve," Craig Newman, a data privacy lawyer, told USA Today after attending the hearing.

Since Edward Snowden revealed the National Security Agency’s snooping activities, demand for encrypted email services has grown. Tech experts now predict that more and more customers will turn to companies that encrypt customers’ information and store it abroad.

“Like Snowden told us, it’s really the only way to protect your personal information from Big Brother,” said Katherine Albrecht, a longtime privacy advocate and co-founder of StartMail, a private email service.

Albrecht predicts that American tech giants like Google, Yahoo and Microsoft will lose billions of dollars, “because people are flocking to other smaller companies out of the country.”

Companies like StartMail encrypt emails so that even if an email is intercepted or obtained, it cannot be read by a third party. Albrecht’s company is located in the Netherlands.

“All our servers are not in the cloud – they are 100 percent owned, it’s 100 percent Dutch and there is not really any cloud jurisdiction,” she explained.

Albrecht says she believes “we are going to see an increase” in offshore private companies like hers.

“The reality is that any time you let your data out of your control, you are subject to the laws of a number of countries. Essentially when you let data out in the cloud, you don’t know where the company you are doing business with is storing it,” she said.

One of the problems, Albrecht added, is that some people still don’t realize that companies like Google or Yahoo make copies of emails and store them even after emails are deleted.

“And they read all of your emails for advertising purposes,” she added. “The databases that they have created have become tempting targets for not only the US government but for Chinese governments who go after dissidents in many countries. So I think we are going to see people moving to smaller email programs, offshore email programs and particularly encryption.”

In April, Google updated its privacy terms and conditions and, by doing so, essentially admitted that the company does look through all the data customers share when they use its services.

"When you upload, or otherwise submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content," it said.

The company, however, said that it needs its customers’ data to improve and develop services.

NSA whistleblower and privacy advocate Edward Snowden took part in his first public debate on encryption on Tuesday night, facing off against CNN’s Fareed Zakaria, a journalist and author known for his coverage of international affairs.

Zakaria, in New York, defended the government’s right to access any and all encrypted messages and devices as long as there’s court approval. Snowden, speaking over a live video-link from Moscow, argued the security of the Internet is more important than the convenience of law enforcement. The debate was organized by NYU’s Wagner School of Public Service and the Century Foundation.

Though Zakaria started off firm in his conviction that law enforcement should be able to get hold of all digital messages with court approval, he gradually conceded that it may not be that simple. Zakaria said he himself doesn’t actively encrypt any of his communications, assuming everything will be fine — though Snowden pointed out that, since he has an iPhone, some of his data and communications are encrypted by default.

Zakaria opened the debate by posing a hypothetical: Bank of America creates an “iVault” allowing anyone to store all their financial data totally encrypted. An embezzler could take advantage of that service to hide the evidence of their misdeeds, foiling investigators. “I understand within a democracy, you have to sacrifice liberty for democracy at some point. You cannot have an absolute zone of privacy,” he said.

Snowden agreed with Zakaria that absolute zones of privacy don’t exist, and that encryption does pose real problems for law enforcement. But he disagreed that universal access is the best way to solve the problem. “For the government to unlock everything there has to be a key to everything. Every other person in the world can find that key and use it too,” he said. “It’s a fundamental problem of science.”

Instead, he suggested, police should take advantage of the many other options available to them. He cited the investigation into the founder of Silk Road, an anonymous, encrypted platform for black market drug sales. In that case, a team of investigators caught the mastermind at the library after he typed in his password.

“Encryption is not an unbreakable wall,” Snowden said. “Or if it is, it is one we can get around, if we are patient, if we are careful, if we think and plan how to go about our investigations.”

By the end of the debate, Zakaria said he did not support the legislation proposed by Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., which would mandate companies to immediately decrypt all communications when asked by a court. The bill has been heavily criticized by technologists.

And Zakaria acknowledged that if it was genuinely impossible for a company to decrypt communications, then the court should accept that — though it would be a “hard case.”

“If WhatsApp says we literally do not know how to write this code — WhatsApp could demonstrate to a court that they don’t have to do it,” Zakaria said.

He concluded by encouraging greater clarity about what kind of communications the government can and cannot access — before the next disastrous terrorist attack. “We do face real threats out there. There are people out there trying to do bad things. Once they happen, the government will be given carte blanche,” he said.

Snowden noted that former security officials now proclaiming the value of unbreakable encryption — including former NSA Director Michael Hayden — had considered those questions carefully and had fallen on the side of computer security.

With Facebook No Longer a Secret Weapon, Egypt’s Protesters Turn to Signal

Robert Mackey, Apr. 26 2016, 6:49 a.m.

Updated | April 27, 1:25 p.m.

Although the police in Cairo sealed off parts of the Egyptian capital where protests scheduled on Facebook were to have taken place on Monday, opposition activists managed to stage brief rallies that resembled flash mobs, calling for an end to military rule and the cancellation of a deal to surrender two islands to Saudi Arabia.

The fact that Facebook is now so closely monitored by the security forces prompted one leading activist to offer an online tutorial on how to use a new tool, the encrypted messaging app Signal, to help protesters find each other on the city’s streets and stay one step ahead of the authorities.

The heavy police presence wherever protests were planned seemed to indicate that the authorities can no longer be caught off guard by events organized on public social networks, as they were in 2011 when Facebook-driven protests led to the toppling of President Hosni Mubarak.

Concrete proof of the new dynamic could be seen outside the Journalists’ Syndicate in Cairo, where thousands of protesters had gathered 10 days ago and a Facebook group called Egypt Is Not For Sale had called for fresh demonstrations against the transfer of the uninhabited Red Sea islands, Tiran and Sanafir, to Saudi control.

Not only was the area off-limits to protesters on Monday, it was used to stage a pro-government dance party for a handful of President Abdel Fattah el-Sisi’s biggest fans, joined by flag-waving police officers.

Across the Nile, however, protesters unable to access the main rallying points suddenly appeared in Mesaha Square, a temporarily unsecured area of the Dokki neighborhood, and launched into chants against military rule and the transfer of the islands.

“They can lock down all the squares, but we will still find some street, some alleyway,” one young protester there told Kareem Fahim of the New York Times. “It is endless cat and mouse.”

Although the protesters did manage to evade detection long enough to assemble and make their voices heard, the police arrived within minutes to disperse the crowd, firing tear gas and shotgun pellets.

A short time later, the protesters appeared again on a nearby street.

By the end of the day, more than 200 people were reportedly detained, including dozens of journalists.

The apparently haphazard nature of some of the arrests seemed to be illustrated by a brief video clip of one young man being pulled into a police van as he simply walked past it on a sidewalk.

Although secure messaging apps like Signal and WhatsApp do allow users to send some group chat messages, by their nature they are not as easy to use for public broadcast as Facebook or Twitter, which could hinder their usefulness as organizing tools for mass street protests.

A potentially more significant problem with the use of encrypted messaging apps by protesters hoping to avoid detection by the authorities is that just having the software on their phones could start to seem suspicious. There was some evidence of this in Cairo on Monday, with reports of the police searching the phones of protesters, and even scanning their Facebook and WhatsApp accounts.

Another vulnerability dissidents in Egypt and elsewhere need to be aware of is that Signal, like Telegram, is activated by an ordinary, and easily intercepted, SMS text message to the phone of a new user. That means that it is technically possible for a phone provider, or a police surveillance unit, to know whenever a new user activates the service.

Frederic Jacobs, formerly a lead developer for Signal, pointed to this problem in a blog post in January about the dangers of using Telegram in Iran:

Most mobile messaging apps these days use SMS as a login technique. It’s really convenient because it doesn’t require the user to remember yet another username or identifier and telcos are taking care of the identity management such as re-assigning the phone number to you if you lose your phone.

SMS are trivial to intercept for your telecom provider. And in almost all countries, they are actively cooperating with the state to help intercept text messages and phone calls. But it’s not only your telecom provider, devices like IMSI catchers provide a cheap and efficient way of intercepting text messages for a local adversary.

In Egypt, there is evidence that the authorities have been intercepting password-reset codes sent to activists as part of the two-step verification process for other services, according to Ramy Raoof, a technologist, privacy and digital security consultant.

“As a user, if you forget your password for a particular platform, you can often recover your password by asking the platform to send a unique code to your mobile,” Raoof wrote in a post for Global Voices earlier this month. “When you receive the code, you enter it in the platform as a way of verifying your identity.”

“In Egypt, however, thanks to strong state control over telecommunications infrastructure, it appears that state actors have been using this feature to their gain,” he added. “They attempt to access activists’ accounts by selecting the ‘forgot password’ option, and then intercept (or block) the code sent to the activist’s mobile phone. This allows them to reset the activist’s password and effectively take over his or her account.”

As Orla Guerin of the BBC noted, the Sisi supporters were allowed to demonstrate unmolested, and harass foreign journalists, even as a law banning spontaneous rallies was used to arrest protesters in other parts of the city.

Some of the most ardent government supporters seen on local television were familiar to viewers from previous rallies, including a woman who had achieved viral fame two years ago for an interview in which she scolded President Barack Obama for his supposed interference in the country’s affairs by saying, in fractured English: “Shut up your mouse, Obama! Sisi, yes! Sisi, yes!”

Waving a Saudi flag at the center of a small pro-government rally on Monday in Cairo’s Talaat Harb square, the same woman was filmed saying that the Saudi king could have Egypt’s pyramids and the Sphinx as well.

Suspicions that the government supporters might have been mobilized by the authorities were reinforced by reports that some of them were transported to Tahrir Square in police vans.

As if to underline how much Egypt has changed since the end of the 2011 revolt, government supporters even rallied on Monday outside the window of the deposed president, Hosni Mubarak, who waved to fans from his hospital room at the Maadi military hospital in a Cairo suburb.

The Saudis in the Middle East are looking like the Americans and seem to be putting their nose in everyone's business, Yemen and Egypt anyway. And neither of these countries wants the Saudis' interference.

What's scary about Clapper is that he actually believes what he is saying and assumes people will accept it as true. These guys have been getting away with stuff for far too long and are operating as if it were decades ago, when people were in the dark about all the clandestine activities and decisions made by the so-called authorities.

Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption by 7 Years

Jenna McLaughlin

The Director of National Intelligence on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”

Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.

Technologists have been tirelessly working to strengthen encryption for decades, not just the past few years. But Snowden’s revelations about the pervasiveness of mass surveillance clearly accelerated its more widespread availability.

And technologists say the threat of law enforcement “going dark” has been overhyped. For instance, there are almost always ways to hack around encryption, even if you can’t break it.

Clapper acknowledged that there is no such thing as unbreakable encryption from his perspective. “In the history of mankind, since we’ve been doing signals intelligence, there’s really no such thing, given proper time, and proper application of technology.”

FBI could soon legally hack any computer in the US – and possibly beyond

The Supreme Court approved new rules on Thursday that would potentially give the FBI the authority to hack any computer in the United States, and possibly computers located overseas as well. Those hidden by Tor technology will also be vulnerable.

Now Congress has until December 1 to approve, reject or amend the rule. After that, any magistrate judge in the country could grant the FBI warrants authorizing hacks into computers whose whereabouts are unknown.

In its letter to Congress, the Supreme Court approved the following change to Rule 41 of the Federal Rules of Criminal Procedure:

“A magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (A) the district where the media or information is located has been concealed through technological means; or (B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts."

Under the phrase “concealed through technological means,” the court is referring to computers whose location is hidden via the use of anonymity software such as the Tor web browser.

Currently, magistrate judges cannot issue warrants for “remote searches” to the FBI if law enforcement doesn’t know where a computer in question is physically located, since its location could potentially be outside of the court’s jurisdiction.

Not only does the new rule change that, it also could allow the FBI to gain access to computers that have already been hacked by malicious software, meaning that victims of cyberattacks could see their computers searched by the government. If a computer is suspected of being part of a compromised network, that network could also be searched. If a computer is ultimately located overseas but hidden via Tor, then authorities may potentially be able to hack into it as well.

For its part, the Justice Department believes that the modified rule is necessary to keep up with criminals using the latest technology to avoid detection. If an individual is trying to hide his location, the argument goes, then search warrants should be able to bypass jurisdiction limitations.

“Criminals now have ready access to sophisticated anonymizing technologies to conceal their identity while they engage in crime over the Internet, and the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend them,” DOJ spokesperson Peter Carr said in a statement to Motherboard.

“This amendment ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority. The amendment makes explicit that it does not change the traditional rules governing probable cause and notice.”

The Supreme Court’s approval comes as courts in Massachusetts and Oklahoma have recently opted to toss out evidence collected by the government in relation to child pornography investigations, since the original search warrant obtained by the FBI came from a judge in Virginia. Had the rules approved by the Supreme Court been in effect, the evidence would have been allowed.

However, not everyone is buying the Justice Department’s argument. Senator Ron Wyden (D-Oregon) questioned the wisdom of the changes to Rule 41, adding that he will ask the government to detail its hacking process. He also said he will propose legislation to reverse the amendments.

"These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices," he said Thursday in a statement. “Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime.”

Some major technology companies have also criticized the proposed changes, arguing they threaten to “undermine the privacy rights and computer security of Internet users.” Google has stated that US officials would “likely” use the altered rules to search computers overseas.

“Even if the intent of the proposed change is to permit U.S. authorities to obtain a warrant to directly access and retrieve data only from computers and devices within the US, there is nothing in the proposed change to Rule 41 that would prevent access to computers and devices worldwide,” the company stated back in February.

Meanwhile, privacy activists and tech organizations have also raised concerns, including Kevin Bankston of the Open Technology Institute.

“Whatever euphemism the FBI uses to describe it – whether they call it a ‘remote access search’ or a ‘network investigative technique’ – what we’re talking about is government hacking,” he said to the Intercept, “and this obscure rule change would authorize a whole lot more of it.”

The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, including those belonging to victims of cybercrime. The changes will take effect in December, unless Congress adopts competing legislation.

Previously, under the federal rules on criminal procedures, a magistrate judge couldn’t approve a warrant request to search a computer remotely if the investigator didn’t know where the computer was—because it might be outside his or her jurisdiction.

The rule change, sent in a letter to Congress on Thursday, would allow a magistrate judge to issue a warrant to search or seize an electronic device regardless of where it is, if the target of the investigation is using anonymity software like Tor to cloak their location. Over a million people use Tor to browse popular websites like Facebook every month for perfectly legitimate reasons, in addition to criminals who use it to hide their locations.

The changes are already raising concerns among privacy advocates who have been closely following the issue.

“Whatever euphemism the FBI uses to describe it—whether they call it a ‘remote access search’ or a ‘network investigative technique’—what we’re talking about is government hacking, and this obscure rule change would authorize a whole lot more of it,” Kevin Bankston, director of the Open Technology Institute, said in a press release.

Ahmed Ghappour, a visiting professor at University of California Hastings Law School, has described it as “possibly the broadest expansion of extraterritorial surveillance power since the FBI’s inception.”

The Supreme Court ruling also expands the warrants to allow the FBI to hack into computers that have already been hacked, such as those infected by a botnet, a network of malware-infected machines that gives criminal hackers the power to take over many innocent “zombie” computers to distribute spam or spread viruses.

This part of the ruling would allow the FBI to search the victim’s property.

“On account of their distributed nature, investigations of unlawful botnets undoubtedly pose a significant barrier to law enforcement,” Amie Stepanovich, senior policy counsel for digital rights group Access Now, said in testimony before the judicial panel that considered the rule change before it got to the Supreme Court.

However, “the proposed amendment unilaterally expands [FBI] investigations to further encompass the devices of the victims themselves, those who have already suffered injury and are most at risk by the further utilization of the botnet.”

It’s now up to Congress to modify or reject the proposed changes. Otherwise, the policies go into effect on December 1.

“These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices,” Senator Ron Wyden, D-Ore., wrote in a press release on Thursday. “I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government.”

Duh...it's not like Apple or any hackers don't know how it works. But still, governments lie so much you can't believe anything they say. They don't believe what they say! Imagine all the energy they have to invest in covering their ass-ets.

FBI doesn’t know how to use iPhone hack it bought for $1mn – report

Published time: 29 Apr, 2016 16:04

The FBI spent roughly a million dollars to hack into the encrypted iPhone 5C that belonged to San Bernardino shooter Syed Rizwan Farook, but apparently no how-to instructions were included in the deal.

Although the FBI has physical possession of the mechanism that can unlock any encrypted iPhone 5C model featuring iOS 9, the agency doesn’t actually know how to use the method, according to a report from Reuters.

Citing unnamed government sources, Reuters stated that the FBI paid just under $1 million for the ability to crack the iPhone 5C, which is notably less than previously suggested. Last week, FBI Director James Comey said that breaking into the phone cost more than he will get paid over the next seven years on the job – a total that amounted to about $1.3 million based on his annual salary.

While the FBI doesn’t know how the hack mechanism works, the agency will reportedly be able to use it in order to unlock other iPhone 5C models without having to make additional payments to the contractor who sold it to the government. It’s unclear if this is dependent on the bureau eventually learning how the device functions or if the contractor would do the work.

The government has also gone to extreme lengths to keep the contractor’s identity a secret, with a source telling Reuters that even Comey doesn’t know who it is.

Back in March, the Justice Department announced it had successfully broken into Farook’s locked iPhone, dropping its campaign to force Apple into doing so. The FBI argued that Apple was required to develop software that could bypass the phone’s security based on an 18th-century law that compels companies to assist government investigations. The FBI won a court order in support of its claim, but Apple resisted, arguing that creating such software would compromise the security of all other iPhones.

Earlier this week, Comey said his agency is still analyzing the security flaw that permitted the iPhone hack, and that it may not tell Apple or the public about it.

“We are in the midst of trying to sort that out,” Comey said. “The threshold [for disclosure] is: are we aware of the vulnerability, or did we just buy a tool and don’t have sufficient knowledge of the vulnerability to implicate the process?”

Comey said the FBI doesn’t anticipate a continued reliance on hacking despite its $1 million purchase. He pointed to the fact that the current hack only works on iPhone 5C models that run iOS 9.

As for Farook’s phone in particular, the FBI’s investigation is ongoing. Authorities are still trying to determine if the device holds valuable information that could help flesh out the timeline of events from the December shooting in San Bernardino, which saw 14 people shot to death and another 22 injured.

The shooting spree is believed to have been planned and carried out by Farook and his wife Tashfeen Malik, though the FBI is trying to determine whether or not anyone else was involved.

There are so many reasons not to have a Facebook account, too numerous to post here....

Texas Prisons Assert Right to Censor Inmates’ Families on Social Media

Jordan Smith

Apr. 29 2016, 10:11 a.m.

On the morning of April 15, Pat Hartwell drove up from her home in Houston, Texas, to the Crowne Plaza Hotel in Austin, where the Texas Department of Criminal Justice, which runs the state’s prisons, was holding a board meeting. The board only offers a public comment period during two of its meetings each year, and this would be the first time in 2016 that the public would have a chance to air grievances or concerns about, for example, agency operations or prison conditions.

For Hartwell, a well-known anti-death penalty activist in Texas, the timing of the meeting was opportune; roughly a week earlier, word had spread among prisoners, family members, and activists that the director of the TDCJ had established a new rule forbidding any prisoner from maintaining a social media presence. Hartwell has for years maintained a Facebook page for a death row inmate she is certain is innocent, and she wanted some answers.

In a section of the 146-page Offender Orientation Handbook reserved for “standards of behavior” — between a rule requiring prisoners to “show respect” in their interactions with others and another forbidding “fighting, scuffling, horseplay, or similar activities” — there had appeared a seemingly incongruous new rule stating that prisoners “are prohibited from maintaining active social media accounts for the purposes of soliciting, updating, or engaging others, through a third party or otherwise.”

Hartwell and others only found out about it because the wife of a death row prisoner happened to be visiting her husband on the day inmates there discovered the new policy. The lack of explanation or guidance concerning its provenance was disconcerting (as far as anyone knew, the rule was never vetted by the department’s board). And they were confused about why it hadn’t been brought directly to anyone’s attention (the responsibility for keeping abreast of new rules falls squarely on the offenders, activists say prisoners were told).

But more importantly, prisoners and their advocates didn’t understand the scope of the new rule. In Texas (as in most places), prisoners have no direct access to the internet, so anything about them that appears online is posted by a third party — by definition, a person who is not under the supervision of the department of corrections. As such, the new rule would infringe on the free speech and expression rights of ordinary citizens — a proposition of dubious constitutionality, says David Fathi, director of the ACLU’s National Prison Project.

They also didn’t understand why social media was being targeted — or whether the rule was intended to include other uses of the internet, including websites and blogs dedicated to prisoner artwork, exposing abuses inside facilities, or drawing attention to specific cases of apparent wrongful conviction. And since the same information published on a website could easily be — and often is — posted to Facebook and other social media platforms, there was concern the rule was made to be flexible enough that TDCJ could easily broaden its scope to attack other online content.

Upon learning of the rule, Hartwell penned an email to agency spokesperson Jason Clark with a list of questions. When she didn’t hear back, she emailed the head of TDCJ, its general counsel, and its ombudsman. The day before the April board meeting, she got a short reply from the ombudsman that didn’t exactly assuage her concerns — or directly address the majority of her questions. It was, she would tell the board, an “inadequate answer.” Restating the new rule, the ombudsman said that it applied to all social media, and not only would offenders be punished for violating it, but outside third parties would be as well, by having their ability to visit or correspond with their loved ones suspended.

By the time Hartwell arrived at the Crowne Plaza for the meeting, she was mad; she felt forced by the TDCJ to take offline the Facebook page she had long maintained. And that quickly turned into frustration when a board coordinator approached to deliver a bit of confounding news. Because there were so many people signed up to speak during the public comment period (including three who wanted to speak about the social media rule), the board’s chair had decided to chop in half each speaker’s normal allotted time of three minutes. How many people were signed up? The board rep didn’t know; this is what the chairman has decided, she said.

But throughout the comment period, the rules kept changing, and not everyone got the promised 1 1/2 minutes. First, Chair Dale Wainwright, a former jurist on the Texas Supreme Court, announced that individuals who’d signed up to speak on the same topic would have to coordinate among themselves to figure out who would abridge and deliver comments on behalf of the group — regardless of whether the individuals had similar comments to make. For social media comments, he would offer a total of two minutes. Midway through the meeting, Wainwright changed the rules again, offering each speaker just 60 seconds to communicate their complaints and concerns.

After the comment period — during which board members did not respond to questions (Wainwright promised each speaker would later receive a written response) — Hartwell was quick to link the chair’s actions to concerns about the social media rule. If the board so easily bent its rules for citizen communications, what was to keep the agency from bending its social media rule too? “They’re very arbitrary,” she told The Intercept. “They do what they want to do, and this is what scares me about this stuff.”

The new rule first made news on April 12, when a reporter for the local FOX station in Houston essentially took credit for its creation. According to the reporter, the rule followed from a story he did back in January that drew attention to a Facebook page maintained for a prisoner named Elmer Wayne Henley Jr., who in the early 1970s, was an accomplice to the sexual assault and murder of more than two dozen teenage boys. In addition to written posts, Henley’s page was apparently displaying jewelry for sale and other art that he made in prison.

Although he didn’t mention Henley directly, TDCJ spokesperson Jason Clark later said the rule was necessary because some inmates had misused their accounts. “Offenders have used social media accounts to sell items over the internet based on the notoriety of their crime, harass victims or victims’ families, and continue their criminal activity,” he told Fusion in an email. Of course, trying to sell so-called murderabilia or threatening or harassing victims is already prohibited under TDCJ rules. Given that the content for Facebook and other internet sites must be transmitted from prison via mail, phone, or in-person visit, all of which are heavily monitored, it is hard to see how banning social media for all prisoners would be necessary to ferret out such violations.

When asked to provide details on incidents that prompted adoption of the rule, Clark referred The Intercept to the agency’s Office of the Inspector General, suggesting we file an open records request for the information. In a follow-up email, he said there was “not one specific incident related to an offender that prompted the new rule.” Rather, he wrote, it was that “it had become more difficult to have an offender’s social media account take down because the agency had no policy that specifically prohibited it.”

As it turns out, Facebook, at least, has been censoring prisoner pages for a number of years — despite its stated goal of giving “people the power to share and to make the world more open and connected.” According to reporting by the Electronic Frontier Foundation, from at least 2011 through early 2015, prison officials and Facebook shared a “special arrangement” whereby a prison could provide Facebook with links for prisoner pages it wanted removed, and Facebook would then suspend those profiles, “often [with] no questions asked, even when it wasn’t clear if any law or Facebook policy was being violated.”

Records obtained by EFF showed that Facebook had censored hundreds, if not thousands of accounts in this fashion. In the wake of the revelations, Facebook revised its procedures, creating a form for prison officials to fill out that includes not only information about the prisoner in question, but also a requirement that the complaint include a link to “applicable law or legal authority regarding inmate social media access,” EFF reported. If no rule or law is in place, the prison must provide “specific” safety-related reasons that the page should be taken down.

In an email to The Intercept, Clark confirmed that TDCJ had benefited from a chummy relationship with Facebook: Prior to adopting its new rule, the agency had requested that prisoner pages be suspended, and Facebook had granted those requests. He did not say how many requests TDCJ made or how many suspensions occurred as a result — again suggesting that we send an open records request to the OIG for the information. (The Intercept has submitted such a request.)

Clark insists the rule is aimed only at social media and that third party-maintained prisoner blogs and websites are still allowed. When asked why that is, if the content is essentially the same, he explained that the agency has no mechanism to request the removal of other web content. So, if such a mechanism existed, would TDCJ prefer that all online prisoner-related content be eliminated? “I’m not going to get into some hypothetical, ‘if there was a rule,’ are we going to try to get that off,” he said.

The real issue, Clark wrote in an email, is that the prisoner Facebook pages not only violate TDCJ’s new rule, but also the company’s own terms of service — including a provision that the TDCJ believes forbids third parties from updating a page. “We are asking social media companies to take down accounts of offenders who are not updating them themselves, which would be a violation of their terms of agreements,” he wrote. “Speech on platforms such as Facebook and Twitter is as free as the terms of their agreements permit.”

But it isn’t clear that the agency’s reading of Facebook’s terms of service is accurate. The company forbids sharing a password or allowing anyone to “access your account” — which is one kind of third-party access. But offenders don’t actually create their own pages (unless, of course, the page was set up by a prisoner using a contraband cellphone — but that would be its own, separate TDCJ rules violation). The other kind of third-party access — having a person who is not in prison create and maintain the account — is not expressly forbidden by Facebook’s terms.

Facebook did not respond to requests for comment for this story.

Texas isn’t the only state where corrections officials have tried to tamp down prisoner access to the online world — though it is hard to know exactly how many states have such a rule on the books. New Mexico has a rule (EFF and other activists have asked that it be repealed), as do Alabama and South Carolina. South Carolina’s rule is particularly punitive; it is a violation of the highest level and can land a prisoner in solitary confinement for years. As EFF has reported, one South Carolina inmate was given 37 years in solitary for violating the social media rule. In Texas, the offense isn’t considered as serious. Still, violating the rule can get an inmate confined to his cell for up to 30 days at a time.

And although Texas insists its policy does not violate the free speech rights of either prisoners or the public, the ACLU’s David Fathi disagrees. “They are purporting to regulate the speech not only of prisoners, which is problematic, but they’re purporting to regulate the speech of non-prisoners in the entire world and they can’t constitutionally do that,” he said. Prisons have the right to regulate speech “to the extent that it’s necessary for prison safety and security,” he said. Since the speech in question happens “completely outside the prison,” he argues that any link to an actual penological interest “seems extremely attenuated or nonexistent.”

A federal court case decided in 2003 supports Fathi’s position. In 2000, Arizona legislators passed a law prohibiting prisoners from any internet access; at least five inmates were subsequently punished after officials found mention of them online. In 2002, the Canadian Coalition Against the Death Penalty — represented by Fathi and the ACLU — sued, arguing the restriction was unconstitutional. A year later, a federal district judge agreed. Although Arizona had argued its ban was necessary to prevent nefarious activity — like harassing victims, a motivation Texas cited in creating its rule — there were already rules and statutes prohibiting such conduct, which is also true in Texas. Ultimately, the Arizona judge found that the state could advance its penological interests without the internet ban — by enforcing existing regulations.

Anthony Graves, who spent 18 years in prison in Texas, including 12 on death row, before being exonerated for a grisly multiple murder that he did not commit, expressed his concern that unless the rule is repealed, wrongful convictions like his will go unnoticed. “I don’t see this as a security breach because it’s been going on” for a long time, he said, referring to prisoners’ presence on social media. “It’s another way to oppress an inmate,” blocking him from interaction with family and others in the outside world, “and it takes away a tool from those with legitimate claims of innocence,” he said. “The most powerful tool innocent people have is social media.”

Fathi says the Texas rule and others like it not only do damage to free speech rights, but simply make no sense. “Some prison officials fear the internet. They don’t really understand it and they attribute to it magical powers. And I think that lies at the root of nonsensical rules like this,” he said. “Everyone agrees that a prisoner could write a letter to the New York Times and place an ad saying, ‘I’m innocent.’ So what’s the difference if he writes a letter [to a friend] and says, ‘Post this on Facebook’? Like, what is the difference?” he asked. “If you think about it for 30 seconds, it doesn’t make any sense.”

A newly published study from Oxford’s Jon Penney provides empirical evidence for a key argument long made by privacy advocates: that the mere existence of a surveillance state breeds fear and conformity and stifles free expression. Reporting on the study, the Washington Post this morning described this phenomenon: “If we think that authorities are watching our online actions, we might stop visiting certain websites or not say certain things just to avoid seeming suspicious.”

The new study documents how, in the wake of the 2013 Snowden revelations (of which 87% of Americans were aware), there was “a 20 percent decline in page views on Wikipedia articles related to terrorism, including those that mentioned ‘al-Qaeda,’ ‘car bomb’ or ‘Taliban.’” People were afraid to read articles about those topics because of fear that doing so would bring them under a cloud of suspicion. The dangers of that dynamic were expressed well by Penney: “If people are spooked or deterred from learning about important policy matters like terrorism and national security, this is a real threat to proper democratic debate.”

As the Post explains, several other studies have also demonstrated how mass surveillance crushes free expression and free thought. A 2015 study examined Google search data and demonstrated that, post-Snowden, “users were less likely to search using search terms that they believed might get them in trouble with the US government” and that these “results suggest that there is a chilling effect on search behavior from government surveillance on the Internet.”

The fear that causes self-censorship is well beyond the realm of theory. Ample evidence demonstrates that it’s real – and rational. A study from PEN America writers found that 1 in 6 writers had curbed their content out of fear of surveillance and showed that writers are “not only overwhelmingly worried about government surveillance, but are engaging in self-censorship as a result.” Scholars in Europe have been accused of being terrorist supporters by virtue of possessing research materials on extremist groups, while British libraries refuse to house any material on the Taliban for fear of being prosecuted for material support for terrorism.

There are also numerous psychological studies demonstrating that people who believe they are being watched engage in behavior far more compliant, conformist and submissive than those who believe they are acting without monitoring. That same realization served centuries ago as the foundation of Jeremy Bentham’s Panopticon: that the behavior of large groups of people can be effectively controlled through architectural structures that make it possible for them to be watched at any given moment even though they can never know if they are, in fact, being monitored, thus forcing them to act as if they always are being watched. This same self-censoring, chilling effect of the potential of being surveilled was also the crux of the tyranny about which Orwell warned in 1984:

There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You have to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.

This is a critical though elusive point which, as the Post notes, I’ve been arguing for years, including in the 2014 TED talk I gave about the harms of privacy erosions. But one of my first visceral encounters with this harmful dynamic arose years before I worked on NSA disclosures: it occurred in 2010, the first time I ever wrote about WikiLeaks. This was before any of the group’s most famous publications.

What prompted my writing about WikiLeaks back then was a secret 2008 Pentagon Report that declared the then-little-known group a threat to national security and plotted how to destroy it: a report which, ironically enough, was leaked to WikiLeaks, which then published it online. (Shortly thereafter, WikiLeaks published a 2008 CIA report describing (presciently, it turns out) how the best hope for maintaining popular European support for the war in Afghanistan would be the election of Barack Obama as President: since he would put a pretty, popular, progressive face on war policies.)

As a result of that 2008 report, I researched WikiLeaks and interviewed its founder, Julian Assange, and found that they had been engaging in vital transparency projects around the world: from exposing illegal corporate waste-dumping in East Africa to political corruption and official lies in Australia. But they had one significant problem: funding and human resource shortfalls were preventing them from processing and publishing numerous leaks. So I wrote an article describing their work, and recommended that my readers support that work either by donating or volunteering. And I included links for how they could do so.

In response, a large number of American readers expressed – in emails, in the comment section, at public events – the fear to me that, while they support WikiLeaks’ work, they were petrified that supporting them would cause them to end up on a government list somewhere or, worse, charged with crimes if WikiLeaks ended up being formally charged as a national security threat. In other words, these were Americans who were voluntarily relinquishing core civil liberties – the right to support journalism they believe in and to politically organize – because of fear that their online donations and work would be monitored and surveilled. Subsequent revelations showing persecution and surveillance against WikiLeaks and its supporters, including an effort to prosecute them for their journalism, proved that these fears were quite rational.

There is a reason governments, corporations, and multiple other entities of authority crave surveillance. It’s precisely because the possibility of being monitored radically changes individual and collective behavior. Specifically, that possibility breeds fear and fosters collective conformity. That’s always been intuitively clear. Now, there is mounting empirical evidence proving it.

A targeted malware campaign stretching back to 1996 and with NSA fingerprints has been uncovered by Kaspersky, with claims it can infect the firmware of hard drives and solid state drives.

Anti-virus researchers at Kaspersky Labs have uncovered evidence of what they claim is the most sophisticated malware operation in history, carried out by the Equation Group, including modules which have the ability to reprogram and infect the firmware of storage devices.

The Global Research and Analysis Team (GReAT) of anti-virus specialist Kaspersky Labs has released a report into a team of malware writers it calls the Equation Group, including evidence that the group operates under the auspices of the US government, likely as a branch of the National Security Agency. The most surprising of the group's claims: that the malware created by the Equation Group has the ability to overwrite and infect the firmware of storage devices, taking control of the system at the start of the boot process - preventing any operating system from ever detecting that there is malware running.

Kaspersky was first alerted to the Equation Group and its malware in 2009, when an anonymous scientist identified only under the pseudonym Grzegorz Brzęczyszczykiewicz received a CD-ROM containing a slideshow of an event he had attended - a CD-ROM which infected his system with what the company describes as the creation of 'an almost omnipotent cyberespionage organization that had just infected his computer through the use of three exploits, two of them being zero-days.' The company's analysis of the group's creations has taken several years, finding evidence of its handiwork stretching back to 1996. Its most notable creations are a series of Trojan horses identified under somewhat questionable codenames: EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Grayfish, and Fanny.

Of these, Grayfish and EquationDrug are the most notable for containing modules which reprogram the firmware of a hard drive or flash storage device connected to the target system, hiding the malware directly within the device itself. 'The plugin supports two main functions,' Kaspersky's detailed report (PDF warning) claims. 'Reprogramming the HDD firmware with a custom payload from the Equation group, and providing an API into a set of hidden sectors (or data storage) of the hard drive.' The claimed result: a malware infection which survives even a secure erase of the hard drive and operating system reinstall, coupled with a hidden block of persistent storage on the drive itself which cannot be accessed by the host operating system but can be read from and written to at will by the malware infection.

The modules uncovered by Kaspersky include references to a number of high-profile storage vendors: Maxtor, Seagate, Western Digital and Samsung are supported by the earliest version of the malware, while an upgraded version adds support for HGST, IBM, Hitachi, ExcelStor, Micron, Toshiba, OCZ, OWC, Corsair and Mushkin solid-state devices. 'The Equation Group's HDD firmware reprogramming module is extremely rare,' Kaspersky's report notes. 'During our research, we've only identified a few victims who were targeted by this module. This indicates that it is probably only kept for the most valuable victims or for some very unusual circumstances.'

Kaspersky's discovery appears to be linked to a National Security Agency document, published by Der Spiegel (PDF warning), which advertised for an intern to work at the agency creating 'a covert storage product that is enabled from a hard drive firmware modification.' While the job posting, dated 2006, suggests that this technology would be used to conceal half the capacity of the drive for covert storage, its similarity to the techniques used by the Equation Group for malware infection suggests the NSA's involvement.

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

"Equation Group" ran the most advanced hacking operation ever uncovered.

by Dan Goodin - Feb 16, 2015 12:00pm MST

CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn't the first time the operators—dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group's extensive library. (Kaspersky settled on the name Equation Group because of members' strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list. Because of a self-destruct mechanism built into the malware, the researchers suspect that this is just a tiny percentage of the total; the actual number of victims likely reaches into the tens of thousands.

A long list of almost superhuman technical feats illustrates Equation Group's extraordinary skill, painstaking work, and unlimited resources. They include:

The use of virtual file systems, a feature also found in the highly sophisticated Regin malware. Recently published documents provided by Ed Snowden indicate that the NSA used Regin to infect the partly state-owned Belgian firm Belgacom.

The stashing of malicious files in multiple branches of an infected computer's registry. By encrypting all malicious files and storing them in multiple branches of a computer's Windows registry, the infection was impossible to detect using antivirus software.

Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.

The use of more than 300 Internet domains and 100 servers to host a sprawling command and control infrastructure.

USB stick-based reconnaissance malware to map air-gapped networks, which are so sensitive that they aren't connected to the Internet. Both Stuxnet and the related Flame malware platform also had the ability to bridge airgaps.

An unusual if not truly novel way of bypassing code-signing restrictions in modern versions of Windows, which require that all third-party software interfacing with the operating system kernel be digitally signed by a recognized certificate authority. To circumvent this restriction, Equation Group malware exploited a known vulnerability in an already signed driver for CloneCD to achieve kernel-level code execution.
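The registry-stashing technique above leaves a measurable artefact even when the stored files are encrypted: large, near-random binary values sitting under keys that normally hold small settings. The following is an added example, not code from Kaspersky Lab or from the article, showing one way a defender can triage a Windows registry export (.reg text) for such values by combining a size threshold with a Shannon-entropy threshold. The .reg export it scans is constructed inside the script (seeded pseudo-random bytes stand in for ciphertext), and the 1024-byte and 7.5-bits-per-byte thresholds are assumptions to tune per environment.

```python
"""Heuristic scan of a Windows registry export (.reg text) for large,
high-entropy binary values, the kind of artefact left behind when
encrypted files are stashed under registry keys.

Added example, not code from Kaspersky Lab or the article. The .reg
export is constructed here; the size and entropy thresholds are
assumptions to tune per environment.
"""
import math
import random
import re
from collections import Counter

KEY_RE = re.compile(r"^\[(.+)\]$")
# First line of a hex-typed value, e.g.  "Name"=hex:aa,bb,\   (hex(2): etc. also match)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<type>hex(?:\([0-9a-fA-F]+\))?):(?P<data>.*)$'
)


def render_hex_value(name, data, per_line=16):
    """Render bytes as a .reg hex value using backslash continuation lines."""
    hexes = ["%02x" % b for b in data]
    chunks = [",".join(hexes[i:i + per_line]) for i in range(0, len(hexes), per_line)]
    return '"%s"=hex:%s' % (name, ",\\\n  ".join(chunks))


def build_sample_reg(blob_size=4096, seed=42):
    """Constructed .reg export: benign small values plus one blob that
    looks like ciphertext (seeded PRNG bytes stand in for encrypted data).
    The key paths are placeholders, not real artefacts."""
    rng = random.Random(seed)
    blob = bytes(rng.getrandbits(8) for _ in range(blob_size))
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]",
        '"Version"="1.2.3"',
        '"Flags"=dword:00000003',
        '"Icon"=hex:00,01,02,03,04,05,06,07',
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\Data]",
        render_hex_value("Blob", blob),
        "",
    ])


SAMPLE_REG = build_sample_reg()


def parse_reg_binary_values(text):
    """Return (key_path, value_name, bytes) for every hex-typed value."""
    results = []
    current_key = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        data = value_match.group("data")
        # A trailing backslash means the hex list continues on the next line.
        while data.endswith("\\") and i < len(lines):
            data = data[:-1] + lines[i].strip()
            i += 1
        raw = bytes(int(h, 16) for h in data.split(",") if h.strip())
        results.append((current_key, value_match.group("name"), raw))
    return results


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for ciphertext or compressed data, lower for code or text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_suspicious_blobs(text, min_size=1024, min_entropy=7.5):
    """Flag hex values that are both large and near-random. This is a triage
    hint, not proof: legitimate keys also hold compressed or hashed data."""
    hits = []
    for key, name, raw in parse_reg_binary_values(text):
        ent = shannon_entropy(raw)
        if len(raw) >= min_size and ent >= min_entropy:
            hits.append((key, name, len(raw), round(ent, 2)))
    return hits


if __name__ == "__main__":
    for key, name, size, ent in find_suspicious_blobs(SAMPLE_REG):
        print("%s\\%s: %d bytes, entropy %.2f" % (key, name, size, ent))
```

On a real export (produced with `reg export` or regedit) the same functions apply unchanged; the entropy threshold is what separates stashed ciphertext from the short icons, GUIDs and flags that make up most binary values, and the hits are a starting point for pulling the blob and the key's timestamps into a forensic timeline rather than a verdict on their own.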

Taken together, the accomplishments led Kaspersky researchers to conclude that Equation Group is probably the most sophisticated computer attack group in the world, with technical skill and resources that rival the groups that developed Stuxnet and the Flame espionage malware.

"It seems to me Equation Group are the ones with the coolest toys," Costin Raiu, director of Kaspersky Lab's global research and analysis team, told Ars. "Every now and then they share them with the Stuxnet group and the Flame group, but they are originally available only to the Equation Group people. Equation Group are definitely the masters, and they are giving the others, maybe, bread crumbs. From time to time they are giving them some goodies to integrate into Stuxnet and Flame."

In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency.

First is the group's known aptitude for conducting interdictions, such as installing covert implant firmware in a Cisco Systems router as it moved through the mail.

Second, a highly advanced keylogger in the Equation Group library refers to itself as "Grok" in its source code. The reference seems eerily similar to a line published last March in an Intercept article headlined "How the NSA Plans to Infect 'Millions' of Computers with Malware." The article, which was based on Snowden-leaked documents, discussed an NSA-developed keylogger called Grok.

Third, other Equation Group source code makes reference to "STRAITACID" and "STRAITSHOOTER." The code words bear a striking resemblance to "STRAITBIZARRE," one of the most advanced malware platforms used by the NSA's Tailored Access Operations unit. Besides sharing the unconventional spelling "strait," Snowden-leaked documents note that STRAITBIZARRE could be turned into a disposable "shooter." In addition, the codename FOXACID belonged to the same NSA malware framework as the Grok keylogger.

Apart from these shared code words, the Equation Group in 2008 used four zero-day vulnerabilities—including two that were later incorporated into Stuxnet.

The similarities don't stop there. Equation Group malware dubbed GrayFish encrypted its payload with a 1,000-iteration hash of the target machine's unique NTFS object ID. The technique makes it impossible for researchers to access the final payload without possessing the raw disk image for each individual infected machine. The technique closely resembles one used to conceal a potentially potent warhead in Gauss, a piece of highly advanced malware that shared strong technical similarities with both Stuxnet and Flame. (Stuxnet, according to The New York Times, was a joint operation between the NSA and Israel, while Flame, according to The Washington Post, was devised by the NSA, the CIA, and the Israeli military.)

Beyond the technical similarities to the Stuxnet and Flame developers, Equation Group boasted the type of extraordinary engineering skill people have come to expect from a spy organization sponsored by the world's wealthiest nation. One of the Equation Group's malware platforms, for instance, rewrote the hard-drive firmware of infected computers—a never-before-seen engineering marvel that worked on 12 drive categories from manufacturers including Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate.

The malicious firmware created a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system. The firmware also provided programming interfaces that other code in Equation Group's sprawling malware library could access. Once a hard drive was compromised, the infection was impossible to detect or remove.

While it's simple for end users to re-flash their hard drives using executable files provided by manufacturers, it's just about impossible for an outsider to reverse engineer a hard drive, read the existing firmware, and create malicious versions.

"This is an incredibly complicated thing that was achieved by these guys, and they didn't do it for one kind of hard drive brand," Raiu said. "It's very dangerous and bad because once a hard drive gets infected with this malicious payload it's impossible for anyone, especially an antivirus [provider], to scan inside that hard drive firmware. It's simply not possible to do that."

Equation Group's work

One of the most intriguing elements of Equation Group is its suspected use of interdiction to infect targets. Besides speaking to the group's organization and advanced capabilities, such interceptions demonstrate the lengths to which the group will go to infect people of interest. The CD from the 2009 Houston conference—which Kaspersky declined to identify, except to say it was related to science—tried to use the autorun.inf mechanism in Windows to install malware dubbed DoubleFantasy. Kaspersky knows that conference organizers did send attendees a disc, and the company knows the identity of at least one conference participant who received a maliciously modified one, but company researchers provided few other details and don't know precisely how the malicious content wound up on the disc.

"It would be very easy to trace the attack back to the organizers and point them out, and this could in turn result in some very serious diplomatic incidents," Raiu said. "Our best guess is that the organizers didn't act in a malicious way against the participants, but [that] some of the CD-ROMs on their way to the participants were intercepted and replaced with the malicious variants."

Even less is known about a CD for installing Oracle 8i-8.1.7 for Windows sent six or seven years earlier, except that it installed an early Equation Group malware program known as EquationLaser. The conference and Oracle CDs are the only Equation Group interdictions that Kaspersky researchers have discovered. Given how little is known about the interdictions, they weren't likely to have been used often.

A separate method of infection relied on a worm introduced in 2008 that Kaspersky has dubbed Fanny, after a text string that appears in one of the zero-day exploits used by the worm to self-replicate. The then-unknown vulnerability resided in functions that process so-called .LNK files Windows uses to display icons when a USB stick is connected to a PC. By embedding malicious code inside the .LNK files, a booby-trapped stick could automatically infect the connected computer even when its autorun feature was turned off. The self-replication and lack of any dependence on a network connection made the vulnerability ideal for infecting air-gapped machines. (The .LNK vulnerability is classified as CVE-2010-2568.)

Some two years after first playing its role in Fanny, the .LNK exploit was added to a version of Stuxnet so that the worm could automatically spread through highly sensitive computers in Iran. Fanny also relied on an elevation-of-privilege vulnerability that was a zero day at the time the worm was introduced. In 2009, the exploit also made its way into Stuxnet, but by then, Microsoft had patched the underlying bug with the release of MS09-025.

The LNK exploit as used by Fanny. (Image: Kaspersky Lab)

A far more common infection vector was Web-based attacks that exploited vulnerabilities in Oracle's Java software framework or in Internet Explorer. The exploits were hosted on a variety of websites related to everything from reviews of technology products to discussions of Islamic Jihad. In addition to planting exploits on the websites, the attack code was also transmitted through ad networks. The wide range of exploit carriers may explain why so many of the machines Kaspersky observed reporting to its sinkholes were domain controllers, data warehouses, website hosts, and other types of servers. Equation Group, it seems, wasn't infecting only end user computers—it was also booby-trapping servers known to be accessed by targeted end users.

Equation Group exploits are notable for the surgical precision exercised to ensure that only an intended target was infected. One Equation Group-written PHP script that Kaspersky unearthed, for instance, checked if the MD5 hash of a website visitor's username was either 84b8026b3f5e6dcfb29e82e0b0b0f386 or e6d290a03b70cfa5d4451da444bdea39. The plaintext corresponding to the first hash is "unregistered," an indication that attackers didn't want to infect visitors who weren't logged in. The second hash had yet to be deciphered at the time of writing. Update: it has now been cracked; see this brief.

"We could not crack this MD5, despite using considerable power for several weeks, which makes us believe [the plaintext username] is a relatively complex one," Raiu said. "It definitely indicates that whoever is behind this username should not be infected by the Equation Group, [and] actually it shouldn't even see the exploit. I would assume this is either one of the group members (a fake identity), one of their partners, or a known identity of a previously infected victim."

The PHP script also took special care not to infect IP addresses based in Jordan, Turkey, and Egypt. Kaspersky observed users visiting the site who didn't meet any of these exceptions, yet they still weren't attacked—an indication that an additional level of filtering spared all but the most sought-after targets who visited the site.

where the h value (that is, the text following the "h=") appears to be an SHA1 hash. Kaspersky has yet to crack those hashes, but company researchers suspect they're being used to serve customized exploits to specific people. The company is recruiting help from fellow white-hat hackers in cracking them. Other hashes include:

The PHP exploit code also serves unique Web pages and HTML code to people visiting with iPhones, behavior that Kaspersky found telling.

"This indicates the exploit server is probably aware of iPhone visitors and can deliver exploits for them as well," Kaspersky's report published Monday explained. "Otherwise, the exploitation URL can simply be removed for these." The report also said one sinkholed server receives visits from a large pool of China-based machines that identify themselves as Macs in the browser user agent string. While Kaspersky has yet to obtain Equation Group malware that runs on OS X, they believe it exists.

It's so pointless for the NSA to continue lying about this because it has become more than obvious that they do it to not only foreign countries but their own people as well, and that it makes no difference to them. The truth will set us free and them as well. The whole point of such nefarious and secret doings is to fool us and prevent us from knowing the inevitable which we North Americans avoid and take for granted otherwise, and that is: we need to step up to the plate of assuming all of our own personal responsibility for our own lives. Which means us being accountable for having shirked such responsibility and given our power away to those more than willing to take it and lord it over us. It's a two-way street and we must assume responsibility and accountability as well. Living those 6 Heart Virtues is a great starting point and really does make all the difference in the world... it must be exhausting for all the energy and attention required to keep the deception going. Far more is required than to be simple truth and free. However, how much of that have we forgotten?

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.

In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.

But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The agency’s solution was TURBINE. Developed as part of the TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.

Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.

It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.

Previous reports have alleged that the NSA worked with Israel to develop the Stuxnet malware, which was used to sabotage Iranian nuclear facilities. The agency also reportedly worked with Israel to deploy malware called Flame to infiltrate computers and spy on communications in countries across the Middle East.

According to the Snowden files, the technology has been used to seek out terror suspects as well as individuals regarded by the NSA as “extremist.” But the mandate of the NSA’s hackers is not limited to invading the systems of those who pose a threat to national security.

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

Similar tactics have been adopted by Government Communications Headquarters, the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.

The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.

Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.

Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.

The implants also track phone calls sent across the network via Skype and other Voice Over IP software, revealing the username of the person making the call. If the audio of the VOIP conversation is sent over the Internet using unencrypted “Real-time Transport Protocol” packets, the implants can covertly record the audio data and then return it to the NSA for analysis.

But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.

“Mass exploitation potential”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network.

According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds.

There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious.

Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.

The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.

According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.

“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.

“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”

In an email statement to The Intercept, Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.

Nancarrow also pointed out that other services besides Facebook could have been compromised by the NSA. “If government agencies indeed have privileged access to network service providers,” he said, “any site running only [unencrypted] HTTP could conceivably have its traffic misdirected.”

A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.

This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.

The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party. The same technique is sometimes used by criminal hackers to defraud people.

A top-secret NSA presentation from 2012 reveals that the agency developed a man-in-the-middle capability called SECONDDATE to “influence real-time communications between client and server” and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet anonymity service Tor.

But SECONDDATE is tailored not only for “surgical” surveillance attacks on individual suspects. It can also be used to launch bulk malware attacks against computers.

According to the 2012 presentation, the tactic has “mass exploitation potential for clients passing through network choke points.”

Blaze, the University of Pennsylvania surveillance expert, says the potential use of man-in-the-middle attacks on such a scale “seems very disturbing.” Such an approach would involve indiscriminately monitoring entire networks as opposed to targeting individual suspects.

“The thing that raises a red flag for me is the reference to ‘network choke points,’” he says. “That’s the last place that we should be allowing intelligence agencies to compromise the infrastructure – because that is by definition a mass surveillance technique.”

To deploy some of its malware implants, the NSA exploits security vulnerabilities in commonly used Internet browsers such as Mozilla Firefox and Internet Explorer.

The agency’s hackers also exploit security weaknesses in network routers and in popular software plugins such as Flash and Java to deliver malicious code onto targeted machines.

The implants can circumvent anti-virus programs, and the NSA has gone to extreme lengths to ensure that its clandestine technology is extremely difficult to detect. An implant named VALIDATOR, used by the NSA to upload and download data to and from an infected machine, can be set to self-destruct – deleting itself from an infected computer after a set time expires.

In many cases, firewalls and other security measures do not appear to pose much of an obstacle to the NSA. Indeed, the agency’s hackers appear confident in their ability to circumvent any security mechanism that stands between them and compromising a computer or network. “If we can get the target to visit us in some sort of web browser, we can probably own them,” an agency hacker boasts in one secret document. “The only limitation is the ‘how.’”

Covert Infrastructure

The TURBINE implants system does not operate in isolation.

It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.

The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England.

The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.

GCHQ, the British agency, has taken on a particularly important role in helping to develop the malware tactics. The Menwith Hill satellite eavesdropping base that is part of the TURMOIL network, located in a rural part of Northern England, is operated by the NSA in close cooperation with GCHQ.

Top-secret documents show that the British base – referred to by the NSA as “MHS” for Menwith Hill Station – is an integral component of the TURBINE malware infrastructure and has been used to experiment with implant “exploitation” attacks against users of Yahoo and Hotmail.

In one document dated 2010, at least five variants of the QUANTUM hacking method were listed as being “operational” at Menwith Hill. The same document also reveals that GCHQ helped integrate three of the QUANTUM malware capabilities – and test two others – as part of a surveillance system it operates codenamed INSENSER.

GCHQ cooperated with the hacking attacks despite having reservations about their legality. One of the Snowden files, previously disclosed by Swedish broadcaster SVT, revealed that as recently as April 2013, GCHQ was apparently reluctant to get involved in deploying the QUANTUM malware due to “legal/policy restrictions.” A representative from a unit of the British surveillance agency, meeting with an obscure telecommunications standards committee in 2010, separately voiced concerns that performing “active” hacking attacks for surveillance “may be illegal” under British law.

In response to questions from The Intercept, GCHQ refused to comment on its involvement in the covert hacking operations. Citing its boilerplate response to inquiries, the agency said in a statement that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight.”

Whatever the legalities of the United Kingdom and United States infiltrating computer networks, the Snowden files bring into sharp focus the broader implications. Under cover of secrecy and without public debate, there has been an unprecedented proliferation of aggressive surveillance techniques. One of the NSA’s primary concerns, in fact, appears to be that its clandestine tactics are now being adopted by foreign rivals, too.

“Hacking routers has been good business for us and our 5-eyes partners for some time,” notes one NSA analyst in a top-secret document dated December 2012. “But it is becoming more apparent that other nation states are honing their skillz [sic] and joining the scene.”

So we have 'voice to skull' tech where thoughts can be planted inside a person's head. And to the degree they are unaware that it isn't their own thought is to the degree they are influenced by it or obey it. Whole areas of people within the perimeters of cell towers can be affected. You wonder about the people supporting Trump and Hillary? After all our brains are transmitters/receivers. Governments make use of cell towers to implement voice to skull through the use of the microwaves. And polling stations are all within the perimeters of one cell tower or another. (Other tech is used but there is too much to include in this post.) I have experienced voice to skull and it was bizarre to me because it was so obvious that I wasn't thinking it. I knew it wasn't my thought because I trust my Heart Intelligence and not the lower mind/ego. Then we have our computer hard drives being infected with malware before we even purchase a computer because the NSA has made deals with the manufacturers of various brand name computers if not software companies. Computers sent through the mail can be infected as well if an intervention is made and you would never know it. And even if you build your own which is very possible, NSA hackers will try tricking you into downloading their infected software under the guise of something else. Btw a lot of the tech used by government agencies to trick and control the masses with is reverse engineered from various tech found on downed ET spaceships that materialized or were shot down. The only ships you see that never disappear are made by men. Ships from interdimensions or multidimensions cannot appear here for long else they risk materializing because of the earth's core that is at its densest. However, the control freaks seem to be panicking. Too many are waking up too fast and it's getting harder and harder for them to control. Control of the people. There is no hope that they could ever control the Source of what is waking people up.
Now that we have 12+ billion people on the planet the situation is right out of hand for the control freaks. Even eons ago when this was all planned 12+ billion people on the planet was NOT a part of that deal. And the vast majority of those people don't have access to the internet. Just imagine how clear their minds are not being jammed and bogged down with suggestions and all other subterfuge from cell towers. But then there are satellites. Still, when focus is primarily from the Heart and on Heart Intelligence and alignment with the earth if not love of life, the HMS or those wielding it has little to no effect in controlling Heart Intelligence. Besides, more and more people are waking up and at a rate the control freaks have no control over because the more that wake up the faster it seems to get in others waking up. Time is unraveling. And we are accelerating and those not in the flow are being left behind and panicking because they are or have lost control... bless them. Then there is the earth herself. For how much we might feel we have to deal with it really is not anywhere near what the control freaks have to confront. I say confront because for all they have ignored or dissed as being so unimportant is what is coming around to bite them in their assets, you know money, power, prestige, status all that stuff. And since that is what they worship it's a hard hard blow to them when they watch it erode. Bless them.

SIDtoday is the internal newsletter for the NSA’s most important division, the Signals Intelligence Directorate. After editorial review, The Intercept is releasing nine years’ worth of newsletters in batches, starting with 2003. The agency’s spies explain a surprising amount about what they were doing, how they were doing it, and why.

Last Update — May 16 2016

The Intercept’s first SIDtoday release comprises 166 articles, including all articles published between March 31, 2003, when SIDtoday began, and June 30, 2003, plus installments of all article series begun during this period through the end of the year. Major topics include the National Security Agency’s role in interrogations, the Iraq War, the war on terror, new leadership in the Signals Intelligence Directorate, and new, popular uses of the internet and of mobile computing devices.

Along with this batch, we are publishing the stories featured below, which explain how and why we’re releasing these documents, provide an overview of SIDtoday as a publication, report on one especially newsworthy set of revelations, and round up other interesting tidbits from the files.

Comey must assume that people are really stupid not to see through how disingenuous he is. People like him actually believe their own lies. If it were only criminals he was concerned about why would it be a problem if ordinary people encrypted their machines? Because it isn't about criminals or terrorists, it's about keeping track of everyone and making them into criminals and terrorists at the NSA's convenience just like they did with all those people in the torture chamber at Guantanamo. All the more reason to use encryption, and the longer the password, the more extremely difficult it is to crack...even with a supercomputer. Just do it! Encryption is the best! It makes you feel like a spy, but not like all those who work for the NSA.

Apple's and Google's encryption plans have not gone down well with US law enforcement, and the agency's director says the companies are leading us down a dark path.

Charlie Osborne

FBI Director James Comey believes that in a "post-Snowden" world, the pendulum has swung too far — and unchecked encryption could lead us all to a "dark, dark place" where criminals walk free.

Speaking at an event at the Brookings Institute in Washington, D.C., Comey said that public misconceptions over the data collected by the US government and technological capabilities of agencies such as the NSA have encouraged heightened encryption — but the consequences could be dire.

The FBI chief, who has been in his post just over a year, said that "the law hasn't kept pace with technology, and this disconnect has created a significant public safety problem." In particular, "Going Dark" worries law enforcement the most — the spectre of facing black spots in surveillance, and not being able to gather or access evidence related to suspected criminals.

"We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so," Comey admitted.

Current law governing the interception of telecommunications data and records requires broadband and network providers to build interception capabilities into their networks, under the terms of the Communications Assistance for Law Enforcement Act (CALEA). However, this law was brought in 20 years ago — and now technology has outstripped this legislation, as new communication technologies are not necessarily covered by the act.


According to the FBI Director, "if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place." Comey commented:

Encryption is nothing new. But the challenge to law enforcement and national security officials is markedly worse, with recent default encryption settings and encrypted devices and networks — all designed to increase security and privacy.

Encryption isn't just a technical feature; it's a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at all levels.

The remarks were made in reference to Google and Apple, both of which have pledged to encrypt their mobile devices by default. Apple has recently added two-factor authentication to iCloud following celebrity photo leaks, and in iOS 8, the encryption keys are given to the customer. On the heels of Apple's announcement, Google said this level of encryption will also be enabled in the next version of Android.

By handing encryption keys over to the customer, neither company can decrypt user data, even if the US government obtains a court order and demands it.
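The key-custody arrangement the article describes, shown as an added Python example (this is not Apple's or Google's code, and it does not describe their actual implementations, which rely on hardware-backed keys and AES): the provider is handed only a salt and authenticated ciphertext, while the key is derived on the device from the user's passcode and a per-device secret that never leaves the device. The passcode, device secret and stored data are constructed values, and the HMAC-based stream cipher is a standard-library stand-in for a real AEAD such as AES-GCM so the block runs without third-party packages.

```python
"""Added illustration of the "keys stay with the customer" model.

The provider stores only ciphertext plus public parameters; whoever holds
that copy can do nothing but guess the passcode, paying the slow KDF cost
per guess. Stdlib only; the HMAC stream cipher stands in for a real AEAD."""
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 100_000  # makes every passcode guess cost real CPU time


def derive_key(passcode: str, device_secret: bytes, salt: bytes) -> bytes:
    """Key = PBKDF2(passcode mixed with the per-device secret, salt).

    Mixing in the device secret means a stolen cloud backup cannot be
    brute-forced offline without also having the device's secret."""
    mixed = hmac.new(device_secret, passcode.encode("utf-8"), "sha256").digest()
    return hashlib.pbkdf2_hmac("sha256", mixed, salt, KDF_ITERATIONS, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for confidentiality and integrity, derived from the master key.
    return hmac.new(key, label, "sha256").digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream: HMAC(enc_key, nonce || block_index), concatenated.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), "sha256").digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; layout is nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, "sha256").digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# --- What runs on the device vs. what the provider ever sees -------------

def device_backup(passcode: str, device_secret: bytes, data: bytes) -> dict:
    """Runs on the device. Returns the only material uploaded to the provider:
    a salt and the authenticated ciphertext. No key, passcode or device secret."""
    salt = secrets.token_bytes(16)
    key = derive_key(passcode, device_secret, salt)
    return {"salt": salt, "blob": encrypt(key, data)}


def device_restore(passcode: str, device_secret: bytes, stored: dict) -> bytes:
    """Runs on the device: re-derive the key and decrypt the provider's copy."""
    key = derive_key(passcode, device_secret, stored["salt"])
    return decrypt(key, stored["blob"])


def try_unlock(stored: dict, passcode_guess: str, device_secret_guess: bytes):
    """All that holding the provider's copy allows: a guess. Returns the
    plaintext on a correct guess, None otherwise. Each call pays KDF_ITERATIONS."""
    try:
        return device_restore(passcode_guess, device_secret_guess, stored)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample values; a real device secret lives in hardware.
    device_secret = secrets.token_bytes(32)
    stored = device_backup("correct horse battery", device_secret, b"private notes")
    print("provider holds:", sorted(stored))
    print("device restores:", device_restore("correct horse battery", device_secret, stored))
    print("wrong passcode:", try_unlock(stored, "1234", device_secret))
    print("right passcode, no device secret:", try_unlock(stored, "correct horse battery", b""))
```

The point the article makes follows from the data flow rather than from any cleverness in the cipher: nothing in `stored` lets the provider, or anyone who obtains the provider's copy under court order, recover the key, so a decryption demand can only be answered with ciphertext. The slow KDF and the device-bound secret are what keep "just guess the passcode" from being a practical answer either.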

Comey calls these features a marketing pitch, and it's likely that is the case. Following Snowden's disclosures, customers have lost trust in technology and telecommunications firms — and heightening basic security is a step towards regaining user trust.

While privacy advocates have applauded Apple's and Google's efforts, the FBI Chief has a different opinion. Comey commented:

If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walked free, child exploitation not discovered and prosecuted. Law enforcement needs to be able to access communications in a lawful way in order to bring people to justice. Those charged with protecting our people aren't able to access the evidence we need, even with lawful authority.

Comey goes on to imply that CALEA needs an update, saying that the law agency is comfortable with court orders and legal process, and is "not seeking a back-door approach — we want to use the front door." However, one could argue that leaving any kind of intercept door in a system weakens security — and Comey ignores these risks.

"Cyber adversaries will exploit any vulnerability they find," the FBI Chief noted. "But it makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact. And with sophisticated encryption, there might be no solution, leaving the government at a dead end — all in the name of privacy and network security."

Finally, Comey says that the FBI understands the private sector need to remain competitive in the global marketplace, and "it isn't our intent to stifle innovation or undermine US companies." However, he encouraged these companies to "take a step back, to pause, and to consider changing course" on encryption, and said the law agency needs to "find a way to help these companies understand what we need, why we need it, and how they can help, while still protecting privacy rights and providing network security and innovation."
